Almost every organization depends on cloud-based services. The backends of cloud-based services are designed for multiple tenants and reside in data centers spread across multiple physical locations. Network security and security management are major hurdles in such a complex, shared environment. This research investigates how to mitigate these security challenges with a moving target defense (MTD) approach. Continually adjusting system resources, such as the topology of the data center, bandwidth allocation, and traffic flow policies, makes it difficult for attackers to compromise the system. New evaluation methods will be developed to ensure that these MTD mechanisms work properly in practice. The intended outcome of this research is cloud services that are more secure and resilient to attacks. This research is a collaborative effort conducted by researchers from three different universities: Arizona State University, Duke University, and the University of Missouri-Kansas City. Graduate students will be trained to serve the growing need for educating professionals in cyber security. The results of the proposed research will be incorporated into several courses taught at the respective institutions.
The MTD approach in a multi-location, multi-tenant data center environment requires a complex level of coordination. This research investigates defense mechanisms in the data center's virtual networking environment based on programmable networking solutions, so that proactive attack countermeasures can be deployed with consideration of system resource consumption, software bugs and vulnerabilities, the effectiveness of countermeasures, and the impact on consumers running applications. The research outcomes can be employed for applications that require security situation-awareness variables to be accurately predicted at a very fine-grained resolution, from a few milliseconds to a few seconds. This introduces additional challenges, namely, developing new performance models for networking, data collection, big data-enabled security processing, and control. To address these challenges, this project has two interdependent fundamental research thrusts: (a) investigate a dynamic and adaptive defensive framework at both the networking and software levels; and (b) deploy an adaptive security-enabled traffic engineering approach to select optimal countermeasures by considering the effectiveness of countermeasures and network bandwidth allocations while minimizing the intrusiveness to the applications and the cost of deploying the countermeasures. The outcomes of this project will include a set of software APIs and tools to integrate the measurement system and analytical models in a transition-to-practice effort.
Dr. Huang received his Bachelor of Science degree in Telecommunications from Beijing University of Posts & Telecommunications in 1995. He received his Master of Science and PhD degrees from the University of Missouri-Kansas City in 2001 and 2004, respectively, both in Computer Science and Telecommunications. He joined ASU in 2005 in the Department of Computer Science and Engineering as an assistant professor. Since 2011, he has been an associate professor in the School of Computing, Informatics, and Decision Systems Engineering. His current research interests are in computer and network security, mobile ad hoc networks, network virtualization, and mobile cloud computing. Dr. Huang's research is supported by federal agencies NSF, ONR, ARO, and NATO, and organizations such as Consortium of Embedded System (CES) and Hewlett-Packard. He is a recipient of the ONR Young Investigator Award and the HP Innovation Research Program (IRP) Award. He is currently leading the Secure Networking and Computing (SNAC) research group at ASU.